We have a simple machine we are building, but it is different from other machines we have built in the past. Normally we do fully automated cells, with little or no operator interaction. We have a simple Camco indexer that will spin a table within the operators work envelope. Is it enough in the US for the safety to just disable the "Enable" control circuit or does it have to cut power to the motor directly when the 2 hand safety relay isn't made?

The manual for the indexer states that the enable circuit must be disabled BEFORE motor power is cut. How does one achieve this? Timers? Seems silly for a 2 hand safety circuit to have timers.

I know a lot of these questions here get jumped on in a rude way because it's hard to be specific about safety when you don't see the whole picture. I'm not going to stand in court and say 'some guy from told me this was okay'. What I'm looking for is where one would even find this information at?

I appreciate any help from someone more senior than I, as I am just starting out in this path.

Actually a simple two hand safety circuit needs timers. The times are mandated in the controlling document. e.g. OSHA 1910.217 for presses. The OSHA docs are readily accessible. No idea for other countries. For truly dangerous machines it's often wise to buy this function.


What kind of control is the "indexer" you speak of? Is this a smart servo drive, motion controller (with servo drive), or a clutch/brake setup?

I have not heard of a servo system whereby you could not kill its mains at any time. It may be that to get proper controlled braking of the motor that they want the enable to be killed some number of milliseconds before the mains are killed. Many timers are available for this, but I am not sure if any of those need to be safety rated (and it probably depends on the class of damage this machine will expose the operator to).

I would contact a safety expert. People like Euchner (who offer safety switches and relays) will often offer services to conduct a full safety study (risk assessment) for your process using the safety analysis tools accepted by industry standards. This will tell you what level you need to comply to and that will determine what hardware you need. Not being able to see the machine makes it hard to suggest anything detailed.


The requirements for two had control is found in ANSI B11.19. For safety it is not a requirement that power to the actuators be shut off. This is the requirement for an emergency stop as defined in NFPA79, however current standards allow for separate protective stop that may allow for the power to the actuators to be left on, a "Category 2" stop per NFPA 79. To determine what is correct for your machine, we strongly recommend a risk assessment be done. This will guide you to the correct stopping environment. Moreover the use of simple timers in a safety related control is not recommended. All the components of your safety related circuit must be safety rated.
It's just a motor with a VFD, and a mechanical indexer, like a Camco. The VFD manufacturer's instructions state not to drop main power without first removing the enable circuit.

Thanks everyone for the replies, it makes me feel a little better about everything. :)

I have used Rockwell's Powerflex drives with the safe-off feature, coupled with the Camco indexer, and this was suitable for the category of risk in which the machine was operating.